diff options
author | Richard Ipsum <richardipsum@fastmail.co.uk> | 2017-07-30 19:09:01 +0100 |
---|---|---|
committer | Richard Ipsum <richardipsum@fastmail.co.uk> | 2017-07-30 19:09:01 +0100 |
commit | a18b40facef388bb94b3c22ee908e65cbbcdcce6 (patch) | |
tree | 7eb5532731ef52378eccbf620b13463b86da9d69 | |
parent | 38dfc0477f228d06d952528c91a59a31940b95d7 (diff) | |
download | supple-a18b40facef388bb94b3c22ee908e65cbbcdcce6.tar.gz |
security: clear environment
Motivation: https://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html
-rw-r--r-- | src/wrapper.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/wrapper.c b/src/wrapper.c index a8a33da..ff2df91 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -60,18 +60,17 @@ main(int argc, char **argv) prot_args parg; lua_State *L; int success; + extern char **environ; /* Perform pre-lua-interpreter initialisation */ #if defined BAKE_SUPPLE_PATHS + environ = NULL; /* security: clear environment */ setenv("LUA_PATH", SUPPLE_LUA_PATH, 1); setenv("LUA_CPATH", SUPPLE_LUA_CPATH, 1); - unsetenv("SUPPLE_MKDTEMP"); - unsetenv("LUA_INIT"); #elif !defined TESTING_SUPPLE - unsetenv("LUA_PATH"); - unsetenv("LUA_CPATH"); - unsetenv("SUPPLE_MKDTEMP"); - unsetenv("LUA_INIT"); + environ = NULL; /* security: clear environment */ +#else + (void)(environ); /* unused */ #endif L = luaL_newstate(); |